Re: (Q) Sun Rpcbind problem.

Casper Dik (casper@HOLLAND.SUN.COM)
Fri, 10 Apr 1998 20:52:32 +0200

>Lately, there is an annoucement from Sun regarding security problem
>with its rpcbind.
>
>At the office, one of the solaris machine uses a rpcbind replacement:
>part of the README is attached at the end.
>
>Does anyone have an idea if I should upgrade to the Sun rpcbind, or
>the replacement rpcbind is OK?

I've talked some with Wietse, and it seems his replacement rpcbind
does exactly the same thing wrong as teh real thing.

However, this is not big security problem people can exploit at will.

It requires teh system administrator to want to kill and restart
rpcbind. It will then dump out the tables to /tmp
(unsafely) and when started up it will reread them (also unsafely).

So if you refrain from killing rpcbind with SIGINT or SIGTERM, you should
be OK.

If you have "set nfssrv:nfs_portmon = 1" in /etc/system, you have little to
worry about when it come sto rpcbind as shipped by Sun, it also now filters
many different indirect RPC calls.

(Indirect RPC calls are required to suport broadcast RPC)

Wietse's rpcbind continues to offer the advantage of filtering and
logging, but it should be noted that rpcbind need not be involved
in remote procedure calls at all. Portscanning and then calling also
find rpc services.

Casper